5 #ifndef CVMFS_CRYPTO_SIGNATURE_H_
6 #define CVMFS_CRYPTO_SIGNATURE_H_
8 #include <openssl/bio.h>
9 #include <openssl/err.h>
10 #include <openssl/evp.h>
11 #include <openssl/pem.h>
12 #include <openssl/rsa.h>
13 #include <openssl/x509.h>
38 std::string GetCryptoError();
40 void UnloadPrivateKey();
41 void UnloadPublicRsaKeys();
42 void UnloadPrivateMasterKey();
43 void UnloadCertificate();
45 bool LoadPrivateMasterKeyPath(
const std::string &file_pem);
46 bool LoadPrivateKeyPath(
const std::string &file_pem,
47 const std::string &password);
48 bool LoadPrivateMasterKeyMem(
const std::string &key);
49 bool LoadPrivateKeyMem(
const std::string &key);
50 bool LoadCertificatePath(
const std::string &file_pem);
51 bool LoadCertificateMem(
const unsigned char *buffer,
52 const unsigned buffer_size);
53 bool WriteCertificateMem(
unsigned char **buffer,
unsigned *buffer_size);
59 static shash::Any MkFromFingerprint(
const std::string &fingerprint);
61 bool LoadPublicRsaKeys(
const std::string &path_list);
62 bool LoadBlacklist(
const std::string &path_blacklist,
bool append);
63 std::vector<std::string> GetBlacklist();
65 bool LoadTrustedCaCrl(
const std::string &path_list);
67 bool Sign(
const unsigned char *buffer,
const unsigned buffer_size,
68 unsigned char **signature,
unsigned *signature_size);
69 bool SignRsa(
const unsigned char *buffer,
const unsigned buffer_size,
70 unsigned char **signature,
unsigned *signature_size);
71 bool Verify(
const unsigned char *buffer,
const unsigned buffer_size,
72 const unsigned char *signature,
unsigned signature_size);
73 bool VerifyRsa(
const unsigned char *buffer,
const unsigned buffer_size,
74 const unsigned char *signature,
unsigned signature_size);
75 bool VerifyLetter(
const unsigned char *buffer,
const unsigned buffer_size,
77 bool VerifyPkcs7(
const unsigned char *buffer,
const unsigned buffer_size,
78 unsigned char **content,
unsigned *content_size,
79 std::vector<std::string> *alt_uris);
80 static void CutLetter(
const unsigned char *buffer,
81 const unsigned buffer_size,
83 unsigned *letter_length,
84 unsigned *pos_after_mark);
87 std::string GetActivePubkeys()
const;
88 std::vector<std::string> GetActivePubkeysAsVector()
const;
90 std::string GetPrivateMasterKey();
92 std::string GetCertificate()
const;
94 std::string GetPrivateKey();
96 void GenerateMasterKeyPair();
97 void GenerateCertificate(
const std::string &cn);
100 RSA *GenerateRsaKeyPair();
101 std::string GenerateKeyText(RSA *pubkey)
const;
103 void InitX509Store();
117 #endif // CVMFS_CRYPTO_SIGNATURE_H_
Failures Verify(unsigned char *manifest_data, size_t manifest_size, const std::string &base_url, const std::string &repository_name, const uint64_t minimum_timestamp, const shash::Any *base_catalog, signature::SignatureManager *signature_manager, download::DownloadManager *download_manager, ManifestEnsemble *ensemble)
std::vector< std::string > blacklist_
pthread_mutex_t lock_blacklist_
std::vector< RSA * > public_keys_
static int Init(const loader::LoaderExports *loader_exports)
X509_LOOKUP * x509_lookup_
RSA * private_master_key_